From 032ea3b32bb87382138b160ab42da2199cdeb326 Mon Sep 17 00:00:00 2001 From: Francesco Pantano Date: Wed, 1 Jul 2026 21:23:19 +0200 Subject: [PATCH] Fix client IP logging in Watcher API VirtualHost Align watcher httpd logging with the cinder/nova-operator pattern: - Add missing SetEnvIf X-Forwarded-For in the VirtualHost block - Normalize server-level httpd.conf: use standard LogFormat names (combined, proxy), fix inverted env= on proxy CustomLog, log to /dev/stdout so logs are visible via oc logs -f Closes: OSPRH-32126 Co-Authored-By: Claude Opus 4.6 Signed-off-by: Francesco Pantano --- .../watcherapi/config/10-watcher-wsgi-main.conf | 1 + templates/watcherapi/config/httpd.conf | 15 ++++++--------- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/templates/watcherapi/config/10-watcher-wsgi-main.conf b/templates/watcherapi/config/10-watcher-wsgi-main.conf index 3fc54aed..6bfd3188 100644 --- a/templates/watcherapi/config/10-watcher-wsgi-main.conf +++ b/templates/watcherapi/config/10-watcher-wsgi-main.conf @@ -21,6 +21,7 @@ ## Logging ErrorLog /dev/stdout ServerSignature Off + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded CustomLog /dev/stdout combined env=!forwarded CustomLog /dev/stdout proxy env=forwarded ## set watcher log level to debug diff --git a/templates/watcherapi/config/httpd.conf b/templates/watcherapi/config/httpd.conf index 3b0788f6..39ae432e 100644 --- a/templates/watcherapi/config/httpd.conf +++ b/templates/watcherapi/config/httpd.conf @@ -36,15 +36,12 @@ AccessFileName .htaccess Include "/etc/httpd/conf.modules.d/*.conf" Include "/etc/httpd/conf.d/*.conf" - LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%a %l %u %t \"%r\" %>s %b" common - LogFormat "%{Referer}i -> %U" referer - LogFormat "%{User-agent}i" agent - LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded - - ErrorLog /dev/stderr - TransferLog /dev/stdout + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy + + SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded + ErrorLog /dev/stdout CustomLog /dev/stdout combined env=!forwarded - CustomLog /dev/stdout proxy env=!forwarded + CustomLog /dev/stdout proxy env=forwarded ## set default apache log level to infor from warning LogLevel info